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CLAIMS : 

What is claimed is: 

1. A method for managing a plurality of computer 
systems attached to a network, said method comprising the 
computer implement steps of: 

for each type of element in said plurality of 
computer systems, defining attributes that are of 
interest in the operation of said computer systems; 

for each element in said plurality of computer 
systems, assigning values to each of said attributes 
associated with said elements- 
defining a policy concerning a first set of said 
elements in terms of relationships between a 
corresponding first set of values of said attributes 
associated with said first set of elements and a second 
set of desired values; and 

performing at least one operation, chosen from a 
group of set operations, on said first set of values to . 
determine if said first set of values meets said policy. 

2. The method of claim 1, further comprising providing 
a report on compliance to said policy by said first set 
of elements. 

3. The method of claim 1, wherein said performing step 
performs an operation chosen from the group of set 
operations consisting of: filter, projection, section. 



24 

Docket No. AUS920040177US1 

diagonal, union, intersection, subset, setminus, and 
cardinal . 

4. The method of Claim 1, wherein said reporting step 
comprises reporting elements that did not comply with 
said policy. 

5. The method of Claim 1, wherein said defining step 
uses the relationships of "'belongs to" and "does not 
belong to" . 

6. The method of Claim 1, wherein said defining step 
uses multiple relationships joined by the operations 
*^and", "^or", and "not", 

7 . A computer program product in a computer readable 
medium for managing enforcement' of a set of policies on a 
plurality of computer systems attached to a network, said 
computer program product comprising: 

first instructions for 'defining, for each type of 
element in said plurality of computer systems, attributes 
that are of interest in the operation of said computer 
systems; 

second instructions for assigning, for each element 
in said plurality of computer systems, values to each of 
said attributes associated with said element; 

third instructions for defining a policy concerning 
a first set of said elements in terms of relationships 
between a corresponding first set of values of said 
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attributes associated with said first set of elements and 
a second set of values; and 

fourth instructions for performing at least one 
operation, chosen from a group of set operations, on said 
first set of values to determine if said first set of 
values meets said policy. 

8. The method of Claim 1, further comprising fifth 
instructions for providing a report on compliance to said 
policy by said first set of elements. 

9. The method of Claim 6, wherein said fourth 
instruction performs an operation chosen from the group 
of set operations consisting of: filter, project, 
section, diagonal, union, intersection, subset, setminus, 
and cardinal . 

10. The method of Claim 6, wherein said fifth 
instruction comprises reporting elements that did not 
comply with said policy. - ^ ^^-^ 

11. The method of Claim 6, wherein said third 
instruction uses the relationships of ''belongs to" and 
"does not belong to" . 

12. The method of Claim 6, wherein said third 
instruction uses multiple relationships joined, by the 
operations "and" , "or", and "not". 
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13. A computer system comprising: 

a processor having a connection to a network; 
a keyboard connected to input information to said 
processor; 

an output device for providing reporting 
capabilities; 

a set of instructions stored in memory and connected 
to be executed by said processor, said set of 
instructions comprising: 

first instructions for defining, for each type of 
element in a plurality of computer systems that are 
connected to be managed by said computer system, 
attributes that are of interest in the operation of 
said computer systems; 

second instructions for assigning, for each element 
in said plurality of computer systems, values to each 
of said attributes associated with said element; 

• third instructions for receiving a policy 
concerning a first set of said elements defined in 
teirmS' of relationships between a corresponding fdrst 
set of values of said attributes associated withf„ said 
first set of elements and a second set of values.; and 

fourth instructions for performing at least one 
operation, chosen from a group of set operations, on 
said first set of values to determine if said first set 
of values meets said policy • 

14. The computer system of Claim 6, further comprising 
fifth instructions for providing a report on compliance 
to said policy by said first set of elements. 
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15. The computer system of Claim 11, wherein said fourth 
instruction performs an operation chosen from the group 
of set operations consisting of: filter, project, 
section, diagonal, union, intersection, subset, setminus, 
and cardinal . 

16. The computer system of Claim 11, wherein said fifth 
instruction comprises reporting elements that did not 
comply with said policy. 

17. The computer system of Claim 11, wherein said third 
instructions receive policies using the relationships of 
'^belongs to" and ''does not belong to" . 

18. The computer system of Claim 11, wherein said third 
instructions receive multiple relationships joined by the 
operations ^^and" , ^^or" , and ^^not" . 

19. The ^computer system of Claim 11, wherein said report 
is provided on said output device. 



